AI in Pensions: The Pensions Regulator sets out its views

The Pensions Regulator (TPR) has published a plan providing guidance on how AI should be used by the pensions industry (the Plan). The Plan also outlines TPR’s role in, and approach to, overseeing the adoption of AI by pension schemes. Further guidance on the responsible adoption of AI is expected to come later in 2026.

Trustees and their service providers may be using AI-driven processes in pensions contexts such as member benefits calculations, transfer requests, or communications, as well as internal and operational uses.

Balancing Opportunity and Risks

TPR aims to shape AI innovation in pensions administration for the benefit of society. It expects AI to increase efficiency and effectiveness, whilst seeking to anticipate and mitigate potential harms before they occur.

Improving Scheme Administration

The Plan highlights how AI can bring potentially significant improvements to pensions administration, investment decision-making and member engagement and support. TPR notes that schemes are already using AI to provide personalised member support, automate routine tasks and enhance fraud protection, and it expects this trend to continue.

Understanding AI Risk

TPR contrasts these potential benefits with the risks inherent in AI, including:

• AI capabilities and adoption outpacing the implementation of robust governance;
• Members using AI for financial planning and advice;
• Increased and more sophisticated cyber attacks;
• AI-generated scams and fraud; and
• Bias that could widen existing inequalities.

In particular, AI tools are mostly unregulated, unlike authorised financial services firms, and TPR cautions that AI can produce inaccurate responses to user queries. Adoption of AI by members in everyday life could also create a heightened demand for AI-powered services and products from their scheme.

TPR’s Approach to AI

TPR sets out its own approach to AI adoption, which it describes as outcome-focused, principles-based, technology-agnostic, and evidence-based. TPR‘s AI workplan will focus on:

• Ensuring all schemes are well-run and well-governed;
• Putting the data building blocks in place for effective AI adoption;
• Supporting and fostering responsible innovation; and
• Harnessing AI to become a more efficient and effective regulator.

Its internal approach to AI will cover three key areas: establishing frameworks and policies to ensure safe and responsible AI use, building skills and capability across TPR to support AI use, and prioritising AI applications that align with TPR’s strategic objectives and regulatory responsibilities.

Other UK AI Regulation

The Plan represents part of a coordinated, cross-sector approach to AI regulation emerging across the United Kingdom. Rather than establishing a single AI-specific regulator, the government has tasked existing sectoral regulators with overseeing AI use within their respective domains, guided by a common framework of principles and coordinated through the Digital Regulation Cooperation Forum (for more information, please see our Legal Update, UK's Approach to Regulating the Use of Artificial Intelligence). TPR notes in the Plan that it will work collaboratively with other regulators.

For example, the Information Commissioner’s Office (ICO) plays a central role in AI regulation through its oversight of data protection law. The ICO has published extensive guidance on AI and data protection, including on AI and data protection risk mitigation strategies and on explaining decisions made with AI, which should also be considered by trustees.

A Reminder of Trustee Obligations

Whilst noting TPR is not an AI regulator, the Plan outlines TPR’s expectations of trustees and administrators, and makes a range of additional recommendations. TPR confirms that, as trustees are accountable for outcomes, even where functions are delegated to service providers or advisers, they need to understand where and how AI is being used in relation to their scheme. TPR expects trustees to:

• Establish clear governance and accountability for AI use, including assuring themselves that administrators, service providers and advisers have similarly robust arrangements;
• Carry out rigorous testing, assurance and ongoing monitoring of AI systems;
• Identify and evaluate risks, with appropriate controls being put in place, reviewed regularly and adapted as necessary;
• Prevent members being scammed by being aware of AI-driven fraud methods and responding effectively to the evolving threat;
• Have a clear data strategy, ensure scheme and member data is of high quality, and comply with data protection legislation – including as it relates to automated decision-making; and
• Seek appropriate professional advice when considering or implementing innovations.

Monitoring AI Uptake

The Plan cites a 2026 industry survey which characterises AI use as “widespread and accelerating”. TPR will monitor AI use in the sector, engaging with schemes, advisers and service providers to build evidence on trends and insights. Additionally, TPR will work with partners such as the Financial Conduct Authority to understand how different types of members are adopting AI, and any risks and opportunities that may result. TPR will report annually on its progress in enabling safe and responsible AI adoption across the industry, and on any barriers to innovation and AI adoption and how these are being addressed.

What Should Trustees Do in Response to the Plan?

Trustees should consider the Plan and, in collaboration with their administrators, consider what, if any, steps they should be taking in relation to their scheme’s governance and administration processes.

How Can Mayer Brown Help?

We can assist trustees by:

• Advising on service provider and adviser (including administration) contracts, ensuring appropriate governance, risk allocation and compliance measures relating to the use of AI are in place;
• Reviewing/drafting trustee policies on the use of AI;
• Advising on specific AI-related legal issues, such as data protection, intellectual property, cyber security, governance and risk management;
• Providing a training session on AI governance best practices and identifying the types of AI use associated with legal risks; and
• Providing broader training and knowledge sessions, including cyber wargames with AI-related scenarios.